Good day,

I'm finally yanking out flow-tools and switching to nfdump.  In doing so, I
had an issue learning the filter syntax.

Example on webpage:

  nfdump -r /and/dir/nfcapd.200407110845 -c 100 'tcp and ( src ip 172.16.17.18 or dst ip 172.16.17.19 )'

If I do this example I get the following error:

Line 1: syntax error at 'tcp'

The fix appears to be adding the proto keyword;  I think this was a change
from 1.5.x to 1.6.x

Thanks,
Chris
-- 
Chris Green <[email protected]>
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss